The Internet has enabled interconnection of different computer networks all over the world. The ability to effectively protect and maintain stable computers and systems, however, presents a significant obstacle for component manufacturers, system designers, and network operators. This obstacle is made even more complicated due to the continually-evolving array of tactics exploited by malicious software authors. Malicious software authors create malicious software (“malware”) to disrupt or stop computer operations, steal information, gain unauthorized access to system resources, and conduct other unauthorized abusive, hostile, intrusive, or annoying activities. Malware continues to evolve with new malware objects being developed potentially exposing computers and systems every day.
Malware detection and prevention software, among other computer security products, have been developed to detect, block, disable, quarantine, and delete malware from systems using the computer security products. Attackers are getting more sophisticated in obfuscating malicious code and often run their own tests to simulate the targeted network and computers. Attackers often base such tests on internal information harvested before an attack (a.k.a. a reconnaissance attack phase). As a result, malware is becoming more customized, making signature-based detection progressively less effective. Consequently, there is a need in the art for effective methods for detecting threats to network systems, particularly threats that are customized for specific networks.